Examining the Anomalies, Explaining the Value: Should the USA FREEDOM Act’s Metadata Program be Extended?

Edward Snowden’s disclosure of National Security Agency (“NSA”) bulk collection of communications metadata was a highly disturbing shock to the American public. The intelligence community was surprised by the response, as it had largely not anticipated a strong negative public reaction to this surveillance program. Controversy over the bulk metadata collection led to the 2015 passage of the USA FREEDOM Act. The law mandated that the intelligence community would collect the Call Detail Records (“CDR”) from telephone service providers in strictly limited ways, not in bulk, and only under order from the Foreign Intelligence Surveillance Court. The new program initially seemed to be working well, although the fact that from 40 court orders in both 2016 and 2017, the NSA collected hundreds of millions of CDRs created public concern. Then in June 2018 the NSA announced it had purged three years’ worth of CDRs due to “technical irregularities”; later the agency made clear that it would not seek the program’s renewal. This Article demystifies these situations, analyzing how forty orders might lead to the collection of several million CDRs and providing the first explanation that fits the facts of what might have caused the “technical irregularities” leading to the purge of records. This Article also exposes a rather remarkable lacuna in Congressional oversight: even at the time of the passage of the USA FREEDOM Act a changing terrorist threat environment and changing communications technologies had effectively eliminated value of the CDR collection. We conclude with recommendations on conducting intelligence oversight

How the Fallout from Post-9/11 Surveillance Programs Can Inform Privacy Protections for COVID-19 Contact Tracing Programs

In times of national crises, the government often endows itself with broad and unprecedented powers. Following the events on September 11th, 2001, the government enhanced the scope of its surveillance capabilities in the name of preventing terrorist activity; privacy was second to “safety” as congress reacted rashly to pass legislation. Currently, as the United States responds to the global crisis of COVID-19, surveillance returns as an integral tool for national security. Both local and federal governments are using location metadata and health data to assist in preventing the spread of the disease. Contact/proximity tracing – “which involves figuring out who an infected person has been in contact with and trying to prevent them from infecting others” – is the primary method for surveillance during COVID.19. This is being manifested through government contracts with private internet service providers like Google, Apple, and Facebook. These private third-party corporations have not only collected content-based data from its users (like emails or direct messages) but also metadata like user location that gets continuously and passively uploaded into their servers. While content-based data has been given certain legal protections, the acquisition of metadata by the government from private third parties is still open to interpretation. The current volume of data presents an unprecedented surveillance landscape. As of April 30th, 2020, Facebook has over 2.6 billion monthly active users. Google Chrome, a cross-platform web browser that saves everything you do to your Google account has over 2 billion users as of April 28th 2020. The prevalence of third-party data platforms without any meaningful change in third-party data laws has and will continue to cause significant violations in individual rights to privacy. During COVID-19, there is a key shift in the “expected” surveilled population. Rather than policy that is outwardly aimed at “suspect” populations (“terrorists” or those affiliated) it now can include all US Citizens here or abroad and non-citizens in the country or trying to enter. Applying the lessons learned from post- 9/11 surveillance programs that created blanket-searches of domestic communications in the name national security could be valuable as the United Stated traverses this thicketed terrain. This article will identify key takeaways from the post-9/11 era and use them to contextualize the COVID-19 moment. Part I will discuss the legislation created and amended following 9/11 that gave the government broader powers of surveillance. Part II will look at how the current government has been responding to COVID-19. Both parts I and II will discuss the kinds of data being sought, which government agencies play central roles, and varying methodologies of data collection. Finally, part III will consider some protective courses of action by looking at the fallout from the post-9/11 era of surveillance and its abuses of individual privacy rights when looking forward towards future national security policy. While surveillance will be an integral tool in slowing the spread of COVID-19, the post-9/11 era has shown the kinds of personal violations that occur when government surveillance programs are allowed to act in secrecy and are given incredible deference

An Illusion of Safety: Why Congress Should Let FISA\u27s Lone Wolf Amendment Expire

FISA’s lone wolf amendment is set to expire on December 15, 2019. Created after 9/11 to address evolving threats, specifically lone wolf terrorists, it expanded the government\u27s ability to obtain FISA surveillance warrants for supposed lone wolves. However, since its enactment, it has apparently never been used in the course of an investigation, despite the significant number of lone wolf attacks. Moreover, it is not clear that the lone wolf amendment was originally needed, or that it has the ability to effectively confront the lone wolf threat. This Note argues that Congress should critically evaluate the lone wolf amendment, use this as an opportunity to exercise its oversight role, and let the lone wolf amendment expire

Transparency or Loopholes: Target Locations, FISA Warrants, and Reasonable Belief

The Foreign Intelligence Surveillance Act (FISA) of 1978 was a grand compromise. FISA aimed at continued collection of national security intelligence, while preserving American civil liberties from government overreach. This compromise sought to assuage concerns from the tech industry and high-level government officials by providing protection to both from litigation. The FISA comprise was premised on the independence of a specially created judicial court, the Foreign Intelligence Surveillance Court (FISC), overseeing executive power while providing reporting to Congress. A true balance of power.From its inception, FISA\u27s basic foundation for legality is founded on government knowledge of the physical location of targets. This foundation has not aged well as technology has evolved. In addition to technological advances, the law itself has not been updated to reflect the changes in technology. Congress has shown a penchant for reacting to either the executive or the Supreme Court. Congress\u27 reaction to litigation in 2018, the Court\u27s recent ruling in Carpenter, and Special Counsel Mueller\u27s investigation into Russian election interference with subsequent Congressional disclosures, all threaten the vitality of FISA.This article outlines the foundation, covers the technological developments, and exposes flaws in the FISA system. The Article argues the Government, along with the tech industry must rework another grand compromise to ensure the continued vitality of national security surveillance, while continuing to protect American civil liberties from government overreach

Data Privacy & National Security: A Rubik’s Cube of Challenges and Opportunities That Are Inextricably Linked

Traditionally, issues relating to information privacy have been viewed in a set of distinct, and not always helpful, stovepipes—or, as my former government colleagues often said, tongue-in-cheek, in other contexts—separate “cylinders of excellence.” Thanks to the convergence of technologies and information, the once-separate realms of personal data privacy, consumer protection, and national security are increasingly interconnected. As Congress and national policymakers consider proposals for federal data privacy legislation, regulation of social media platforms, and how to prevent abuses of foreign intelligence and homeland security powers, they should be examining each of these challenges in light of the others, actively looking for synergies and overlap in the protections they may be considering for protection of personal data, individual privacy, and civil liberties.

Law v. Safety: Balancing Domestic Surveillance\u27s Legal Deficiencies Against The Necessity Of Counterterrorism

This thesis discusses whether the collection of metadata by the NSA, as revealed in 2013 by Edward Snowden, from domestic sources is legal and/or effective, and how to balance safety and liberty. The topic is both timely and important due to the potential for abuse that comes with domestic intelligence programs, as well as the risk of suffering a terrorist attack on U.S. soil. Research for this thesis included personal interviews with former NSA and CIA Director Michael Hayden, and reviewing numerous court cases, legal documents, and articles and books on the subject. There is significant evidence that the NSA\u27s mass collection of metadata violates the 4th Amendment, while the FISA Court fails to meet the Case and Controversy and impartial magistrate requirements of the Constitution. Alternatively, it can be argued that the Necessary and Proper Clause, the 3rd Party Doctrine, and the governmental responsibility to protect and defend the people outweigh such concerns. Questions of efficacy are almost impossible to fully explore due to the need to access classified information to do so, but many experts have declared that there is significant evidence that the programs addressed herein are effective in the fight against terrorists. The result of this research is that these programs do violate the law, but with minor tweaks or concessions they can operate fully within constitutional boundaries, and while they may not have enormous effects on counterterrorism, enough good has come from them that it would be improper to shut them down